Infosec expert Patrick Wardle has developed an unusual method for detecting and blocking malware and exploits on a Mac: as an antivirus product, Wardle proposed using a game engine from Apple, The Register reports.
At the RSA Conference, held this week in San Francisco, Wardle described how he and his colleagues wrote a set of rules for identifying malware and unauthorized attempts to penetrate the system, and implemented them in GameplayKit, Apple's toolkit for developing macOS games.
First, the researchers developed the open-source MonitorKit, which hooks into several macOS components and raises alerts when suspicious activity is detected (for example keylogging, file downloads, simulated mouse clicks, or file encryption). The researchers' aim was a system that collects indicators of potential threats (infection of the system by malware, Trojans, ransomware, and even attempts to exploit zero-day vulnerabilities).
The second step was an engine that sorts these events and applies the rules the researchers developed to distinguish malicious activity from legitimate activity. The end result was to be a system that detects potential threats and blocks them or warns the user. At this stage Wardle turned his attention to computer games.
The researcher realized that the basic functionality of a game engine (receiving events, applying rules to them, and producing the corresponding results) is exactly what such a system needs, and that Apple's GameplayKit framework is very easy to work with.
According to Wardle, any game engine with a good API (not necessarily Apple's) could in theory be tied to a set of system hooks and alerts and play the role of a security solution.
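The event-in, rules-applied, verdict-out loop described above can be sketched without GameplayKit. The following is an added example, not MonitorKit or Wardle's code: it is a small Python rule engine modelled on the fact-and-grade style of rule system that GameplayKit exposes, fed with constructed sample events. The event shapes, rule names, process names and thresholds are all assumptions made for this illustration, not values from the talk.

```python
"""Toy event -> rule -> verdict engine in the spirit of the detector described
in the article. Not MonitorKit or Wardle's code: event fields, rule names,
process names and thresholds are assumptions made for this example."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Event:
    kind: str        # assumed kinds: "keylog", "download", "click", "encrypt"
    process: str     # originating process name (constructed)
    ts: float        # timestamp in seconds
    detail: str = ""


@dataclass
class RuleSystem:
    """Facts carry a grade in [0, 1]; rules raise grades, verdicts read them."""
    facts: dict = field(default_factory=dict)

    def assert_fact(self, fact, grade=1.0):
        # Repeated assertions accumulate but never exceed full confidence.
        self.facts[fact] = min(1.0, self.facts.get(fact, 0.0) + grade)

    def grade(self, fact):
        return self.facts.get(fact, 0.0)


def rule_keylogger(events, rs):
    # Any keystroke capture is notable; sustained capture gets full grade.
    per_proc = defaultdict(int)
    for e in events:
        if e.kind == "keylog":
            per_proc[e.process] += 1
    for proc, n in per_proc.items():
        rs.assert_fact(("keylogger", proc), grade=0.5 if n < 5 else 1.0)


def rule_ransomware(events, rs, window_s=60, min_files=5):
    # Many encrypt events from one process inside a short window.
    by_proc = defaultdict(list)
    for e in events:
        if e.kind == "encrypt":
            by_proc[e.process].append(e.ts)
    for proc, stamps in by_proc.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            burst = [t for t in stamps[i:] if t - start <= window_s]
            if len(burst) >= min_files:
                rs.assert_fact(("ransomware", proc))
                break


def rule_download_then_click(events, rs):
    # A process that downloads a file and later synthesizes a mouse click
    # looks like a dropper approving its own prompt.
    downloaded = set()
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "download":
            downloaded.add(e.process)
        elif e.kind == "click" and e.process in downloaded:
            rs.assert_fact(("dropper", e.process))


RULES = [rule_keylogger, rule_ransomware, rule_download_then_click]


def evaluate(events, threshold=1.0):
    """Run every rule over the event batch; return facts at or above threshold."""
    rs = RuleSystem()
    for rule in RULES:
        rule(events, rs)
    return sorted(fact for fact, g in rs.facts.items() if g >= threshold)


# Constructed sample batch: three malicious patterns plus benign noise.
SAMPLE_EVENTS = (
    [Event("keylog", "evil.app", t) for t in range(1, 7)]            # 6 captures
    + [Event("keylog", "textexpander", t) for t in (10, 11)]         # 2 captures
    + [Event("encrypt", "cryptor", 100 + i) for i in range(5)]       # burst
    + [Event("encrypt", "Disk Utility", t) for t in (400, 401)]      # benign
    + [Event("download", "dropper.app", 200), Event("click", "dropper.app", 205)]
    + [Event("download", "Safari", 300)]                             # benign
)

if __name__ == "__main__":
    for fact in evaluate(SAMPLE_EVENTS):
        print("ALERT", fact)
```

Running the block prints one alert per high-confidence fact (dropper, keylogger, ransomware); lowering `threshold` to 0.5 surfaces the weaker keylogger fact as well, which is the kind of tuning a real deployment would need to keep legitimate text-expansion tools from being flagged.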